/*
 * To change this license header, choose License Headers in Project Properties.
 * To change this template file, choose Tools | Templates
 * and open the template in the editor.
 */
package com.cmti.skeleton.web.shiro;

import com.cmti.commons.entity.Right;
import com.cmti.skeleton.dao.mapper.SysRightsMapper;
import com.cmti.skeleton.dao.mapper.SysUserMapper;
import com.cmti.skeleton.entity.SysRights;
import com.cmti.skeleton.entity.SysRole;
import com.cmti.skeleton.service.RoleService;
import java.util.LinkedList;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;

/**
 *
 * @author : yaohk
 */
public class ShiroRealm extends AuthorizingRealm {

    private final Log log = LogFactory.getLog(getClass());

    @Autowired
    private SysUserMapper userMapper;
    @Autowired
    SysRightsMapper rightMapper;
    @Autowired
    RoleService roleService;

    @Override
    public String getName() {
        return "UserRealm";
    }

    //授权操作、
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principal) {
        com.cmti.commons.entity.AuthenticationInfo authInfo = (com.cmti.commons.entity.AuthenticationInfo) principal.getPrimaryPrincipal();
        
        List<SysRights> rights = rightMapper.selectByUserId(authInfo.getId());
        List permissions = new LinkedList();
        for (Right right : rights) {
            if (right.getUrl() != null) {
                String url = right.getUrl();
                String permission = url.substring(1, url.length()).replaceAll("/", ":").replace("*", ":*");
                permissions.add(permission);
                log.trace("permission:" + permission);
            }
        }
        
        List<SysRole> roleList = roleService.queryRoleList(authInfo.getId());
        List<String> roles = new LinkedList<>();
        for (SysRole sysRole : roleList) {
            if (sysRole.getStatus() == 0)
                roles.add(sysRole.getName());
        }
        
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.addStringPermissions(permissions);
        info.addRoles(roles);
        return info;
    }

    //认证操作
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        String username = (String) token.getPrincipal();
        com.cmti.commons.entity.AuthenticationInfo authInfo = userMapper.selectByAccount(username);
        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(authInfo, token.getCredentials(), this.getName());
        return info;
    }

    public void clearCached() {
        PrincipalCollection principals = SecurityUtils.getSubject().getPrincipals();
        super.clearCache(principals);
    }

}
